Talent.com
Test & Evaluation SME-Cybersecurity Risk Management Construct (CSRMC)
Test & Evaluation SME-Cybersecurity Risk Management Construct (CSRMC)Foxhole Technology • Washington, DC, United States
Test & Evaluation SME-Cybersecurity Risk Management Construct (CSRMC)

Test & Evaluation SME-Cybersecurity Risk Management Construct (CSRMC)

Foxhole Technology • Washington, DC, United States
5 days ago
Job type
  • Full-time
Job description

Test & Evaluation SME-Cybersecurity Risk Management Construct (CSRMC)

Job Locations

US-DC

Job ID

2025-2027

Category

Information Technology

Type

Regular Full-Time

Clearance Required

Top Secret / SCI Capability

Overview

Title : Test & Evaluation SME-Cybersecurity Risk Management Construct (CSRMC)

Location : Washington D.C. (Hybrid)

Clearance : Top Secret with SCI Eligibility

Foxhole Technology provides robust cybersecurity and IT support capabilities for federal civilian and defense agencies. A recognized leader in navigating technology and security challenges, Foxhole delivers mission-focused innovations to answer evolving and complex needs. Our talented employee-owners provide agile, scalable services and solutions that solve operational gaps, operate critical systems, and protect and secure the enterprise - across the organization and around the world.

We are seeking a talented Test & Evaluation SME with hands-on experience focusing on Cybersecurity Risk Management Construct (CSRMC) within federal government environments.

Job Description

The Test & Evaluation SME plays a critical role in enabling the Department of War's CSRMC initiative by providing deep expertise in testing, evaluating, and validating cybersecurity controls and risk-management processes associated with systems authorized under the legacy RiskManagementFramework (RMF) and transitioning into the CSRMC lifecycle. This individual will lead or advise on test planning, execution, independent verification, and validation of security, resiliency, survivability, and continuous monitoring activities. They will partner with system owners, developers, cybersecurity engineers, authorizing officials (AOs), and program test teams to ensure systems meet evolving risk posture, mission assurance and cybersecurity requirements consistent with the CSRMC's five-phase lifecycle (Design Build Test Onboard Operations) and ten foundational tenets (Automation, Critical Controls, Continuous Monitoring, DevSecOps, Cyber Survivability, Training, Enterprise Services & Inheritance, Operationalization, Reciprocity, Cybersecurity Assessments).

Serve as the SME for cybersecurity test & evaluation (T&E) activities associated with RMF / CSRMC-governed systems - including defining test strategies, planning assessment events, coordinating independent verification and validation (IV&V), and integrating security testing into system lifecycle.

  • Develop and / or review test artifacts (e.g., Test & Evaluation Master Plan (TEMP) segments, T&E event plans, cybersecurity test plans, threat-informed test scenarios, penetration test / Red Team inputs, vulnerability assessment results, system stress / failover / resiliency tests) tailored to CSRMC requirements.
  • Ensure testing covers critical controls, cyber-survivability metrics, and continuous monitoring capabilities - validating that controls are implemented correctly, operating as intended, and achieving desired mission outcomes (akin to RMF "Assess" step) but aligned with CSRMC's dynamic operational posture.
  • Lead or interface with assessment teams (including system owner, developer, cybersecurity engineering, test-eval, ISSM / ISSO) to execute security control assessments, Red / Blue Team exercises, resilience testing in contested environments, and continuous monitoring verification.
  • Analyze test results and findings, produce Test Reports, provide recommendations for corrective actions (Plans of Action & Milestones (POA&Ms) where applicable), track remediation status, and provide visibility to Authorizing Officials (AOs) and cybersecurity leadership.
  • Support authority-to-operate (ATO / ATO-equivalent) decisions by providing test evidence, risk-based assessments of control implementation, system vulnerabilities, and threat-informed scenario outcomes.
  • Facilitate integration of T&E activities into DevSecOps pipelines, system development, and deployment workflows to meet CSRMC's emphasis on automation, continuous verification, and operational readiness.
  • Provide subject-matter advice on T&E methodologies, toolsets, and techniques (including automated scanning, STIG / SCAP compliance tools, threat-informed testing, and mission-based T&E) to enhance cybersecurity posture and support program test communities.
  • Mentor, coach, or assist less-experienced cybersecurity / test staff, and contribute to refining organizational test processes, templates, and best practices for RMF / CSRMC alignment.
  • Stay abreast of evolving DoW cybersecurity policy, guidance, and test & evaluation standards (e.g., DoDI8510.01, NISTSP80037, T&E Guidebooks) and ensure test activities reflect current requirements.

Minimum Requirements

  • Bachelor's degree in Cybersecurity, Computer Science, Information Systems, Engineering, or related discipline (or equivalent relevant experience).
  • Minimum of 15 years of cybersecurity and / or test & evaluation experience within the DoW, defense industry, or equivalent mission-critical environment.
  • Must hold (or be eligible to obtain) a DoW Top Secret or higher security clearance
  • At least 5 years of direct experience in test & evaluation of cybersecurity controls, system authorizations, or RMF / A&A activities in a DoW or Government context.
  • Demonstrated experience planning and executing cybersecurity test events (control assessments, penetration testing, resiliency tests, vulnerability scanning, threat-informed scenario testing) for complex systems, with documented results and remediation tracking.
  • Strong familiarity with the RMF process (Steps : Categorize, Select, Implement, Assess, Authorize, Monitor) and associated artifacts (SSP, SAR, POA&Ms) for DoW systems.
  • Knowledge / experience of the CSRMC initiative or ability to rapidly adapt to it - including understanding of continuous monitoring, automation, cyber-survivability, DevSecOps integration, and the five-phase lifecycle.
  • Strong analytical, problem-solving, and risk-based thinking skills - capable of assessing security posture, communicating test findings, supporting risk decisions, and advising senior leadership.
  • Excellent communication (verbal and written), coordination, and stakeholder engagement skills - able to work across program management, system engineering, cybersecurity, test & evaluation, operations, and authorizing officials.

    • Desired Experience / Certifications

  • Professional cybersecurity certifications such as CISSP, CISM, CAP, CEH, or equivalent; and / or test & evaluation credentials are strongly preferred.
  • Advanced degree in cybersecurity, engineering, or related discipline.
  • Experience working in contested, mission-critical, or warfighter-embedded environments (air, land, sea, space, cyberspace).
  • Familiarity with test & evaluation infrastructure / tools and frameworks (e.g., automated scanning tools [ACAS, Nessus], STIG / SCAP compliance, threat-informed test frameworks, resilience / failover testing).
  • Experience working with DevSecOps pipelines, continuous integration / continuous deployment (CI / CD) tools, and embedding security testing into agile development workflows.
  • Prior experience working with DoD programs migrating from RMF to CSRMC or similar risk models (or large-scale cybersecurity transformation initiatives).

    • More Information

    At Foxhole Technology, we are committed to pay transparency as required by law, for our applicants and employee-owners. The salary range for this position is $195,000-220,000. Actual compensation will be determined based on a number of factors as permitted by law.

    Foxhole Technology offers a competitive benefits package for our employees and their dependents, including health, dental, and vision care, paid leave, retirement plans (401K, Roth, and ESOP), life and disability insurance, flexible spending accounts, and education and training assistance.

    Requirements of position : Think analytically, effective verbal and written communication skills, make decisions, observe / remember details, interpret data, concentrate on tasks, adjust to change, handle stress / emotions. Regular attendance, maintain work schedule, attend meetings, meet deadlines, keyboard / type, handle confidential information, use math / calculations, stay organized, operate office equipment, may direct others. May be exposed to dust / dirt, humidity, and noise.

    Foxhole Technology is an Equal Opportunity Employer and makes hiring decisions without regard to race, color, religion, sex (including pregnancy, childbirth and sexual orientation), national origin, age, disability, genetic information, military / veteran status, or any other protected class.

    Need help finding the right job?

    We can recommend jobs specifically for you!

    Click here to get started.

    Create a job alert for this search

    Risk Management • Washington, DC, United States

    Related jobs
    SAP Test Lead

    SAP Test Lead

    Cayuse Holdings • Washington, DC, United States
    Full-time
    Independent Contract - Corp to Corp / 1099.The SAP Test Lead role offers a unique opportunity to drive critical testing initiatives within SAP implementation and enhancement projects.As an independen...Show more
    Last updated: 2 days ago • Promoted
    Accessibility Testing Expert

    Accessibility Testing Expert

    ANGARAI • College Park, MD, us
    Full-time
    Quick Apply
    The ideal candidate will possess deep expertise in digital accessibility standards, testing methodologies, and assistive technologies to ensure that all digital content and applications are inclusi...Show more
    Last updated: 15 days ago
    Risk Manager III

    Risk Manager III

    Amazon • Arlington, VA, United States
    Full-time
    Position : Risk Manager III (multiple positions available).Lead projects to identify technical, functional, operational, and compliance risks. Own projects to remediate issues, including technical an...Show more
    Last updated: 22 days ago • Promoted
    Test and Evaluation Task Lead

    Test and Evaluation Task Lead

    Stahl Companies • Washington DC, US
    Full-time
    Quick Apply
    STAHL Companies provides the Program Management for its Channel of Commercial Technology companies in Government that consist of Small Businesses and New Technology start-ups.STAHL advocates for po...Show more
    Last updated: 30+ days ago
    Subject Matter Expert (SME) - Cybersecurity

    Subject Matter Expert (SME) - Cybersecurity

    Lafayette Group Inc. • Arlington, VA, United States
    Part-time
    Subject Matter Expert (SME) - Cybersecurity.Lafayette Group is seeking qualified and team-oriented individuals to work with federal government organizations in support of national cybersecurity pro...Show more
    Last updated: 30+ days ago • Promoted
    QA Test Engineer

    QA Test Engineer

    AVER, LLC • Washington, DC, United States
    Full-time
    AVER is a fast‑growing SDVOSB that has achieved significant revenue growth over the past 5+ years with much of our work focused on Data Analytics, Mission Support, IT Modernization and Biometrics.W...Show more
    Last updated: 1 day ago • Promoted
    SiteScope SME

    SiteScope SME

    Computer World Services • Bethesda, MD, US
    Full-time
    Computer World Services Corp (CWS) is seeking an exceptional candidate to serve as the SiteScope SME for the National Institutes of Health (NIH) Center for Information Technology (CIT) Operations M...Show more
    Last updated: 23 hours ago • Promoted
    Senior Cyber Assurance & Third-Party Risk Leader

    Senior Cyber Assurance & Third-Party Risk Leader

    Control Risks • Washington, DC, United States
    Full-time
    A global risk consultancy is seeking a senior leader to drive the growth of Digital Risks focusing on cyber assurance, third-party risk management, and regulatory compliance audits.The ideal candid...Show more
    Last updated: 5 days ago • Promoted
    Director, Enterprise Risk Management

    Director, Enterprise Risk Management

    Clarivate Analytics US LLC • Alexandria, VA, United States
    Full-time
    Clarivate is seeking a motivated.Director of Enterprise Risk Management (ERM).Legal team! The Director ERM will report to the Chief Risk and Sustainability Officer (CRSO) and will be responsible fo...Show more
    Last updated: 3 days ago • Promoted
    Project Risk Manager

    Project Risk Manager

    PL ASSOCIATES INC. (PLA) • Washington, DC, United States
    Full-time
    PLA), we believe in the holistic protection of our assets and liabilities.We thrive on eliminating risks while doing business, and we are seeking a highly skilled risk manager to help us achieve th...Show more
    Last updated: 30+ days ago • Promoted
    Risk Lead

    Risk Lead

    Amyx, Inc. • Washington, DC, United States
    Full-time
    Continue with Google Continue with Google.Be among the first 25 applicants.Get AI-powered advice on this job and more exclusive features. Continue with Google Continue with Google.Continue with Goog...Show more
    Last updated: 30+ days ago • Promoted
    Sr. Scrum Master / Team Coach - Cyber Security

    Sr. Scrum Master / Team Coach - Cyber Security

    h3 Technologies • Washington, DC, United States
    Full-time
    Scrum Master / Team Coach - Cyber Security.This role combines hands-on Agile facilitation with team-level coaching to accelerate delivery, increase transparency, and strengthen Agile maturity acros...Show more
    Last updated: 30+ days ago • Promoted
    Senior Cybersecurity Penetration Tester - Hybrid Role

    Senior Cybersecurity Penetration Tester - Hybrid Role

    Ernst & Young Oman • Washington, DC, United States
    Full-time
    A global consulting firm is seeking a Cybersecurity – Attack and Penetration Tester to lead security implementations and foster business resilience in a hybrid role. The ideal candidate has 5+ years...Show more
    Last updated: 4 days ago • Promoted
    IBM Maximo (EAM) Testing Lead

    IBM Maximo (EAM) Testing Lead

    Diverse Lynx • Washington, DC, United States
    Full-time
    Role : IBM Maximo (EAM) Testing Lead.Must Have : Need someone with experience managing a 'Maximo implementation' project. Diverse Lynx LLC is an Equal Employment Opportunity employer.All qualified app...Show more
    Last updated: 2 days ago • Promoted
    Risk Management BSA I, II, III

    Risk Management BSA I, II, III

    Cambia Health Solutions • Washington, DC, United States
    Full-time
    Risk Management – Business System Analyst I, II or III.Oregon, Washington, Idaho or Utah.Every day, Cambia’s dedicated team of Business System Analysts (BSA) is living our mission to make health ca...Show more
    Last updated: 7 days ago • Promoted
    Senior Product Manager - Risk Enablement

    Senior Product Manager - Risk Enablement

    Coinbase • Washington, DC, United States
    Full-time
    Ready to be pushed beyond what you think you’re capable of?.At Coinbase, our mission is to increase economic freedom in the world. It’s a massive, ambitious opportunity that demands the best of us, ...Show more
    Last updated: 30+ days ago • Promoted
    IT Risk and Compliance Professional

    IT Risk and Compliance Professional

    Two95 International Inc. • Washington, DC, US
    Full-time
    Quick Apply
    IT Risk and Compliance Professional.The IT risk and compliance or IT audit professional will support Client's IT Risk & Compliance team in its efforts to establish an ongoing monitoring program...Show more
    Last updated: 30+ days ago
    Senior Cybersecurity Engineer

    Senior Cybersecurity Engineer

    MANTECH • Washington, DC, United States
    Full-time
    This is a hybrid position requiring 3 days on-site and 2 days remote.Reviewing testing and validation to ensure system functionality and compliance with security standards.Developing technical docu...Show more
    Last updated: 16 days ago • Promoted